Part 1:

Answer the following questions by clearly circling the most appropriate answer [ 1 point each ] 

1. If public-key is used in message encryption, then encryption provides no confidence of 
sender since anyone potentially knows public-key. Is this statement true or false? 

a. True
b. False 

2. In public key encryption if A wants to send an encrypted message 

a. A encrypts message using his private key 

b. A encrypts message using B's private key 
c. A encrypts message using B's public key

d. A encrypts message using his public key 

3. A digital signature is required 

i. to tie an electronic message to the sender's identity 

ii. for non repudiation of communication by a sender 

iii. to prove that a message was sent by the sender in a court of law 

iv. in all e-mail transactions 


a. i and ii

b. i, ii, iii

c. iii, iv

d. ii, iv

4. In public key encryption system if A encrypts a message using his private key and sends it
to B

a. if B knows it is from A he can decrypt it using A's public key

b. Even if B knows who sent the message it cannot be decrypted

c. It cannot be decrypted at all as no one knows A's private key

d. A should send his public key with the message


5. Hashed message is signed by a sender using

a. his public key

b. his private key

c. receiver's public key

d. receiver's private key


6. The responsibility of a certification authority (CA) for digital signature is to authenticate
the

a. hash function used

b. private keys of subscribers

c. public keys of subscribers

d. key used in DES


7. For a 64-bit hash code, if birthday attack works, then how many trials are needed on average
to find another message with similar hash?

a. ^33 trials

b. 2^64 trials

c. 2^63 trials

d. V2^ trials


8. Which of the following is not an SSL protocol 

a. SSL handshake protocol 

b. SSL change cipher Spec protocol 

c. SSL record protocol 

d. SSL session protocol

9. HTTPS refers to

a. The HTTP and SSL handshake that allows the server and client to authenticate each
other and to negotiate encryption

b. The HTTP and SSL establishment of security capabilities by the client to initiate and
establish capabilities

c. The combination of HTTP and SSL to implement secure communication between a
web browser and a web server.

d. The HTTP-specific protocol to change of pending state to be copied into current state

10. Message Authentication Code (MAC) is a cryptographic checksum and is a ____
function.

a. One-to-one

b. One-to-many

c. Many-to-one

d. Many-to-many


Part 2: 

1. Suppose that Alice chooses for an RSA system the primes p = 31, and q = 43, and the
public key e = 31. [4 points]

(a) Write the equation to encrypt the plaintext M = 245. 


(b) Write the equation to determine the private key d. 


2. In RSA, what restriction determines the selection of the random number e in key generation?
[1 point]


3. What is wrong with the following: Alice chooses for an RSA system the primes p = 7, and q 
and the public key e = 5 to encrypt message M=88. [ 1 points ] 



4. What is wrong with the following: Alice chooses for an RSA system the primes p = 11, and
q = 17, and the public key e = 8 to encrypt message M=90. [1 point]


5. If Bob wants to sign a message he encrypts the message using his private key. [3 points]

i. Prove that his approach is not correct. Assume Bob signed message m1 and message
m2; then the signature for message m1 m2 can be easily forged. Prove.

ii. Find a countermeasure to the previous attack.


6. If we have a hash function, how do we construct a MAC from it? [1 point]


7. Assume Alice and Bob shared their public keys. Now, Alice wants to send a secret message
m to Bob and Bob can authenticate that it is from Alice. No hash functions used, only public
keys. [2 points]


8. List four ways of distributing public keys. 


[ 2 points ] 


i. 

ii. 



9. What is a certificate authority? Explain a scenario in which they are useful. [3 points]


10. List two drawbacks for public key authorities 


[ 2 points ] 

Part 3:


1. In which layer of the TCP/IP protocol stack is the SSL protocol placed, and why is it not
placed in the IP layer? [2 points]


2. What does server_hello message in phase 1 of SSL handshake protocol contain? 

[ 2 points ] 


3. What is the purpose of the dual signature in SET protocol? 

[ 2 points ] 


4. How can you prevent the following: [2 points]

i. Replay attacks

ii. Man-in-the-Middle attack in public key exchange

5. Explain how certificates get revoked. 

[ 2 points ] 